Vulnerability Description
The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operating system.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Weintek | Cmt-Svr-100 Firmware | < 20210305 |
| Weintek | Cmt-Svr-100 | - |
| Weintek | Cmt-Svr-102 Firmware | < 20210305 |
| Weintek | Cmt-Svr-102 | - |
| Weintek | Cmt-Svr-200 Firmware | < 20210305 |
| Weintek | Cmt-Svr-200 | - |
| Weintek | Cmt-Svr-202 Firmware | < 20210305 |
| Weintek | Cmt-Svr-202 | - |
| Weintek | Cmt-G01 Firmware | < 20210209 |
| Weintek | Cmt-G01 | - |
| Weintek | Cmt-G02 Firmware | < 20210209 |
| Weintek | Cmt-G02 | - |
| Weintek | Cmt-G03 Firmware | < 20210222 |
| Weintek | Cmt-G03 | - |
| Weintek | Cmt-G04 Firmware | < 20210222 |
| Weintek | Cmt-G04 | - |
| Weintek | Cmt3071 Firmware | < 20210218 |
| Weintek | Cmt3071 | - |
| Weintek | Cmt3072 Firmware | < 20210218 |
| Weintek | Cmt3072 | - |
Related Weaknesses (CWE)
References
- https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Iss (Mitigation, Vendor Advisory)
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01 (Third Party Advisory, US Government Resource)
FAQ
What is CVE-2021-27446?
CVE-2021-27446 is a vulnerability with a CVSS score of 10.0 (CRITICAL). The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operating system.
How severe is CVE-2021-27446?
CVE-2021-27446 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-27446?
Check the references section above for vendor advisories and patch information. Affected products include: Weintek Cmt-Svr-100 Firmware, Weintek Cmt-Svr-100, Weintek Cmt-Svr-102 Firmware, Weintek Cmt-Svr-102, Weintek Cmt-Svr-200 Firmware.